You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@solr.apache.org by "Sourabh Sarvotham Parkala (Jira)" <ji...@apache.org> on 2022/08/12 08:26:00 UTC
[jira] [Commented] (SOLR-16141) Update Apache poi to the version 5.2.1
[ https://issues.apache.org/jira/browse/SOLR-16141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17578860#comment-17578860 ]
Sourabh Sarvotham Parkala commented on SOLR-16141:
--------------------------------------------------
[~krisden] The reason my colleague asked about this is to still provide a fix for BDSA-2022-0608 (CVE-2022-26336).
The affected library is just org.apache.poi:poi-scratchpad:jar:4.1.2
Hence, please let us know if we can just update the org.apache.poi:poi-scratchpad to 5.2.1? Would this cause regression in solr-cell 8.11.1? Let us know if it is ok to just update poi-scratchpad to 5.2.1.
Thanks
Sourabh
> Update Apache poi to the version 5.2.1
> --------------------------------------
>
> Key: SOLR-16141
> URL: https://issues.apache.org/jira/browse/SOLR-16141
> Project: Solr
> Issue Type: Wish
> Reporter: Ivan Viaznikov
> Priority: Major
>
> org.apache.solr:solr-cell module uses Apache POI. Apache POI version 5.2.1 includes several bug fixes, including a resolution for CVE-2022-26336, which impacts poi-scratchpad.
> Therefore requesting you to update the version of Apache POI to 5.2.1
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org